Chapter 5: Information Security: Protecting Information and Resources Flashcards
Information Security
protect organization data and IS from unauthorized access and use
Costs of Information Security Breaches
stolen work, blackmail, money, damage to company property, clients and reputation, etc
CIA Triangle
Confidentiality
Integrity
Availability
Confidentiality
prevent disclosing information to anyone who is not authorized to access
Integrity
accuracy and reliability of information resources within an organization
Availability (3)
-computers and networks are operational
- users can obtain information required
- quick recovery in event of failure or disaster
McCumber Cube and sides
3 dimensional cube to bring goals together
Side 1: Transmission, Storage, Processing
Side 2: Confidentially, Integrity, Availability
Slide 3. Human Factors, Privacy and Practice, Technology
Threats: Spyware
software secretly gathers info about users
Threats: Adware
Form of spyware, collects info about user to displays ads in web browser
Threats: Phishing
Sending fraudulent emails appearing from legitimate sources. Not directed like spear phishing
Threats: Pharming
hijack IP address of a website etc users who enter website are directed to fraudulent website
Threats: Spear Phishing
target email scan with sole purpose of obtaining sensitive data from company, person or organization
Threats: Baiting & Quid Pro Quo
get someone to fall for something out of their own curiosity or fear, cyber actors offer them something in return
Keystroke Loggers
what are they
what can they be used for (3)
monitor and record keystrokes
1. track employees computer use
2. Malicious purposes
3. prevent antivirus and anti-spyware
Threats: Sniffing
hackers capture and record network traffic
Threats: Spoofing
gain access to network by posing as an authorized user, disguise their identity
Threats: Virus
self-propagating program code and attaches itself to many files and will cycle when program is used
Threats: Worm
virus or program that can independently spread without being attached to host program
Threats: Trojan Programming
A code that is intended to disrupt a computer, network or website
Threats: Logic Bomb
Type of trojan program, release destructive worm or code
Threats: Backdoor
designer can bypass security and sneak back into system to access program or files
Threats: Blended Threat
Public and private networks, combine threats, virus, worms and codes to evade
RAM Scraping
Scans RAM (memory) to find sensitive saved data
Credentialing
stealing passwords, logins
USB Worms
Viruses stored on USB device
Cryptojacking
Harnessing loose computing program to mine cryptocurrency
Social Engineering
use peoples skills to trick others into revealing private information to break into networks and servers
Denial of Service Attack (DoS)
Floods a network with service requests to prevent legitimate user’s access to the system
Distributed Denial of Service Attack (DDoS)
thousands of computer work together to bombard a website with thousands of requests causing it to halt
Telephony Denial of Service (TDoS)
high volumes of automated calls to tie up a target phone system, company comes to a halt
Types of Hackers and description (3)
Script Kiddies: Use for malicious intent but not as skilled
Black Hats: Typical Hacker
White Hacker: Ethical hacker given permission to determine vulnerability of the software/network
Defence: First Step to Comprehensive Security System
Fault-Tolerant Systems and examples (3)
Ensure availability in event of a system failure by using hardware and software
- Uninterruptible Power Supply (UPS)
- Redundant Array of Independent Disks (RAID)
- Mirror Disk
Defence: Access Controls
Designed to protect system from unauthorized access
Biometric Security Measures and examples
Physiological element unique to person which cannot be stolen or copied
Non Biometric Measures: Callback Moderns
Log user off and call back at predetermined number (working from home)
Non Biometric Measures: Terminal Resource Security
erases the screen and signs user off automatically after a length of inactivity
Non Biometric Measures: Intrusion Detect System
protect against internal and external acess
Non Biometric Measures: Password
a login credential made up of text, keys, symbols and characters
Physical Security measures: (4)
cable shielding
electronic tracker
steel encasements
ID Badges
Firewalls and what does it decide?
soft/hardware barrier between private network and external computer or network
decides whether to allow transmission of data
Firewall Actions (4)
reject, report, reply, accept,
Types of Firewall: Packet-filtering firewall
examines every packet passing in/out of network
Types of Firewall: Application-filtering firewall
controls use of applications like email
Types of Firewall: Proxy Server
intermediary between two systems
Virtual Private Network (VPN)
secure tunnel through the internet to transmit messages, information and data etc WawanesaLife VPN
Data Encryption
Transform Data (plaintext) to scrambled form (ciphertext)
Encryption Protocols (3)
- Manage encryption and security over internet
- secure socket layers
- Transport Layer Security
Types of Encryption: 2
Public Key Infrastructure: Asymmetric Equation
Secret Key Encryption: Symmetric Equation